Jane Wasson | Published in The Azimuth | Sep 11, 2018

Healthcare Cyber Security: Provider Keeps Patient Data Phish-Free

By: Kim del Fierro | @Area1Security | Area 1 Security

Attacking a healthcare organization and doing damage in the millions requires no nation-state hacking infrastructure; no creation of code or dodging of firewalls; no encryption or password-breaking. All it requires is an email: a phish.

Phishing is a simple form of cyberattack, but the rewards are disproportionately great. For healthcare organizations, the shadow of this threat is especially dark and widespread. One reason is that people go all-in when trusting their financial data and confidential information to their healthcare provider.

In their 2018 Cost of a Data Breach Report, IBM and the Ponemon Institute found that a healthcare data breach costs an average of $408 per record, the highest of any industry for the eighth straight year.

Ransomware and BEC: Relentless and Successful

Ransomware, delivered by phishing attacks, has been devastating for healthcare, accounting for 85 percent of the malware delivered by phish.

The relative simplicity of business email compromise (BEC) also makes it a favored hacker strategy. Because BEC requires no real knowledge of healthcare or of computers, it can be as simple as sending an email.

Most phishing attacks on healthcare companies are deployed by emails that instruct employees to follow a link to a web page, where they then trigger a malware download or enter their username and password to continue, delivering this data right to the hackers.

A Healthcare Organization Chooses Area 1 to Stop Its Phishing Attacks

Given the severity of the risks it faced, a national leader in clinical medicine and care delivery decided to entrust its phishing protection strategy to Area 1 Security’s preemptive, cloud-based solution. The organization maintains 23 hospitals and more than 1,600 physicians and clinicians at 185 clinics, all under constant phishing attack.

With its extensive digital presence, this healthcare organization was highly exposed. Every employee using email, browsing the web, or bringing unsecured devices to and from home was a potential breach vector for phishing attacks and data theft. Efforts to centralize patient records for convenient access actually enlarged the size of the target.

Before this major healthcare organization committed to Area 1 Security, it invested two weeks testing the solution against swarms of phishing attacks that continuously evaded its existing defenses. Area 1 Security proactively detected and stopped hundreds of campaigns that had been missed by its current protection and would have landed in email inboxes.

During the evaluation, these threats were discovered an average of 25 days ahead of what the organization's existing system was capable of. Because Area 1 Security is a cloud-based service, it also minimized the organization's operational burden and integrated easily to fortify its current infrastructure.

Read the case study to find out more about how this organization implemented Area 1 Horizon™ and how profoundly a preemptive, comprehensive, and accountable anti-phishing solution can stop phishing attacks.
